3.1.2 Volatility Source Package

Volatility is also distributed as a source package that you can run on Windows, macOS, or Linux. Volatility relies on plugins to perform its tasks, and some of these plugins depend on third-party Python packages. To run Volatility, you need to install the Python 2.7 interpreter and its dependencies. The page at https://github.com/volatilityfoundation/volatility/wiki/Installation#recommended-packages lists the third-party Python packages that some of the Volatility plugins require; you can install these dependencies by following the documentation. Once all the dependencies are installed, download the Volatility source code package, extract it, and run Volatility, as follows:

$ python vol.py -h
Volatility Foundation Volatility Framework 2.6
Usage: Volatility - A memory forensics analysis platform.

Options:
  -h, --help            list all available options and their default values.
                        Default values may be set in the configuration file
                        (/etc/volatilityrc)
  --conf-file=/root/.volatilityrc
                        User based configuration file
  -d, --debug           Debug volatility
[...REMOVED...]

All the examples mentioned in this book use the Volatility Python script (python vol.py) from the source package. You are free to choose a standalone executable, but just remember to replace python vol.py with the standalone executable name.
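
The dependency step above can be checked before the first run. The following preflight script is an added example, not part of the book or of the Volatility project. The module-to-plugin mapping is an assumption based on the Volatility 2.x wiki, and the linked page remains the authoritative list.

```python
# Added example: preflight check for Volatility 2.x optional dependencies.
from __future__ import print_function
import importlib
import sys

# Assumed mapping (import name -> plugins that rely on it), taken from the
# Volatility 2.x wiki; adjust it to match the linked installation page.
OPTIONAL_DEPS = {
    "distorm3": ["apihooks", "callbacks", "impscan", "volshell"],
    "yara": ["yarascan"],
    "Crypto": ["hashdump", "lsadump"],
    "PIL": ["screenshot"],
    "openpyxl": ["timeliner (xlsx output)"],
}

def interpreter_ok(version_info=None):
    """True when the interpreter is Python 2.7, as the text above requires."""
    v = version_info or sys.version_info
    return (v[0], v[1]) == (2, 7)

def check_deps(deps=OPTIONAL_DEPS, importer=importlib.import_module):
    """Return {module: plugins} for every module that fails to import."""
    missing = {}
    for module, plugins in sorted(deps.items()):
        try:
            importer(module)
        except Exception:
            # ImportError, or a broken native library behind the binding
            missing[module] = plugins
    return missing

def report(missing, py_ok):
    """Build human-readable findings for the analyst."""
    lines = []
    if not py_ok:
        lines.append("interpreter: not Python 2.7, which the Volatility 2.6 "
                     "source package requires")
    for module, plugins in sorted(missing.items()):
        lines.append("missing %s: affects %s" % (module, ", ".join(plugins)))
    return lines or ["all checked dependencies present"]

if __name__ == "__main__":
    findings = report(check_deps(), interpreter_ok())
    for line in findings:
        print(line)
    sys.exit(0 if findings == ["all checked dependencies present"] else 1)
```

Run it with the same interpreter you will use for python vol.py. A non-zero exit status means at least one finding was reported.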
